Cybersecurity threats are a constant in today’s world, and the need for well-trained, multifaceted cybersecurity professionals has never been greater.

“There is definitely a shortage of qualified cybersecurity people right now. Most science and technology disciplines have seen an increased enrollment in the past couple of years. But computer science has actually seen a decrease,” explains Summer Fowler, deputy director for the cybersecurity solutions directorate in the CERT division (formerly the Computer Emergency Response Team) of Carnegie Mellon University’s Software Engineering Institute. “And one of the biggest challenges in that regard right now has to do with the fact that we’re still just an occupation.

“Computer science is not like medicine or law; there’s no one professional degree. That means we’re lacking a common taxonomy and a level of standardization across the positions. So when I say cybersecurity, I mean one thing and when someone else says it, they may mean something completely different,” she laments.

“There is a movement afoot to change this, especially inside government, where they’re trying to standardize job descriptions and KSAs (knowledge, skills and abilities) required for each position. We’re also seeing it in academia, where actual degree programs for cybersecurity do exist. We’re moving in that direction, but we still have a way to go.”

In the October 2013 Reuters article “Cyber defenders are in short supply as hacking wars escalate,” Peter Apps and Brenda Goh point out, “The biggest challenge is finding the right cyber warriors to fight back. Hostile computer activity from spies, saboteurs, competitors and criminals has spawned a growing industry of corporate defenders who can attract the best talent from government cyber units.”

Big numbers and needs
“The U.S. military’s cyber command is due to quadruple in size by 2015 with 4,000 new personnel… But demand for specialists has far outpaced the number of those qualified to do the job, leading to a staffing crunch as talent is poached by competitors offering big salaries,” the article states.

According to the Bureau of Labor Statistics’ most recent job outlook report, “Demand for information security analysts is expected to be very high… The federal government is expected to greatly increase its hiring of information security analysts to protect the nation’s critical information technology systems.”

A missing ingredient: diversity
But Fowler adds a cautionary note. “The demographic of people entering into and completing computer science degree programs is not very diverse right now. The number of women in these programs has gone down over the years. The same is true for minorities.

“Because there is no silver bullet in cybersecurity, no quick fix, we have to solve problems holistically. We need to deal with people, process and technology. That means we need people from diverse backgrounds who understand and relate to an array of people. And I’m not just talking about gender and ethnicity. We also really need right-brain thinkers, left-brain thinkers, people who can come at these problems from very different angles.”

The shortage of cybersecurity professionals is a serious concern. Nonetheless, a veteran group of diverse cybersecurity experts have been toiling away in the electronic trenches. Here are profiles of some of them.

Global ops risk VP Denise Hucke keeps ADP safe and secureVice president of global operational risk Denise Hucke has three main areas of responsibility at computer integration and business outsourcing firm ADP (Roseland, NJ). She handles due diligence for mergers and acquisitions, controlled assurance, and operational risk.

In her most recent position, she oversaw the ADP technical security services group. That team was responsible for vulnerability management and penetration/static code analysis, also known as “ethical hacking.” She also managed security engineering, operations and ADP’s critical incident response and fraud monitoring team. But she has not always been focused on security.

“When I was at Merck, someone tapped me on the shoulder and said they wanted a manager like me to work in the security group. I started working under a woman who had eleven-plus years of active service in the Navy. She taught me how to protect the business.”

Hucke has been with ADP for three years. She earned a BS in business economics from Rutgers University (New Brunswick, NJ) in 1994. She followed that in 1998 with an MS in telecommunications management from the Stevens Institute of Technology (Hoboken, NJ). She is also a CISSP (certified information systems security professional) and holds a GIAC (global information assurance certification).

Though Hucke knows what it’s like to be the only woman in the room, she feels the technology landscape is changing. “I embrace my diversity and I encourage other women to go into the field. I’m part of the industry-wide Executive Women’s Forum, which includes more than two hundred women in information security, risk management and privacy. I encourage women to find out more about careers in security. It’s a niche in the technology sector, but it’s growing.”

The big security picture at ADPADP’s chief diversity and corporate social responsibility officer Rita Mitjans notes, “As one of the largest global providers of human capital management services, we know that people are our most valuable asset. ADP values speak to the importance of developing an inclusive environment that helps us attract and keep the most talented, values-driven people in the world.

“Given the business we’re in and the fact that our solutions are cloud-based, the confidentiality and security of our clients’ data are paramount. During the past few years, we have certainly grown the number of associates dedicated to this effort.”

“My work requires understanding of technology and how it is implemented. It also requires understanding how businesses function and the way relationships are executed. I need an interesting mix of business and technical acumen, though I lean more toward the technical.”

An unlikely career path
Partridge started his higher education with a 1996 BA in philosophy and a minor in math from Fordham University (New York, NY). He continued with a 2005 MS in information security from Nova Southeastern University (Fort Lauderdale, FL). He’s currently doing coursework in causality and probability at CMU. Before that, he had a variety of experiences in the Navy.

Two things in particular drew him to cybersecurity work. “I enjoy the analytical rigor. Understanding how to apply rigorous analysis to a problem and limit your bias is key. But also, being a minority is mostly immaterial in my job. I find that in today’s world, one’s race can be nearly irrelevant in scientific and technical fields, where the answer is of primary importance. I let my work speak for me instead of letting my physical attributes impact my relationships.”

Diversity is a priorityJeffrey Savinda, manager of recruiting and staffing at CMU’s Software Engineering Institute, notes that CMU considers enhancing diversity one of its top priorities. “We know that research, educational experience, innovation and collaboration are all enhanced when our staff, faculty and students are diverse,” he says.

Tracy Brown fills varied security roles for the Defense Security ServiceIT specialist Tracy Brown, based in Quantico, VA, is one of the senior staff members for the office of the designated approving authority (ODAA) team in the Defense Security Service (DSS, Alexandria, VA). DSS provides personnel, information and industrial security products and services to the Department of Defense and other government agencies and departments.

“I’m responsible for several program areas within ODAA: automation, quality assurance, process improvement, training/workforce development and international support. I’m a subject matter expert with responsibility for providing guidance on complex international wide area networks under DSS cognizance,” she explains.

“I provide technical and policy implementation guidance to our field staff and our private industry stakeholders on information assurance and cybersecurity matters, and I negotiate the terms for memorandums of understanding or interconnection security agreements for contractor-to-government interconnected systems.”

Foundation of a cyber career
Brown earned a BS in information technology with a concentration in network security and a minor in business management from Strayer University (Alexandria, VA) in 2004. She is also a CISSP, or certified information systems security professional. “A CISSP has to pass a comprehensive exam on ten different security domains, from access control to disaster recovery,” she explains.

Brown finds great satisfaction in identifying problems and having the influence to fix them. She also believes technical excellence can eclipse bias.

“Being a minority has not factored into my work as a whole. I learned quickly that I had to be technically competent to earn opportunities. Over time, I witnessed the IT field expand in diversity, from both a female and African American perspective. Being technically competent is the key to success.”

GTRI’s Valerie Lafond-Favieres makes technological challenges more humanAs a senior research scientist and the cyber situational awareness branch head for the cyber technology and information security laboratory (CTISL) at the Georgia Tech Research Institute (GTRI, Atlanta), Valerie Lafond-Favieres helps design tools to make information processing more accessible to users. GTRI does applied research in a number of different areas.

“In the cyber realm, there is a lot of information, sometimes too much information. So we identify the critical information and build tools to help people visualize and analyze that information so they can make important decisions.”

She also works closely with CTISL’s threat intelligence branch, “taking information products they develop and turning them into more usable products for end users.”

An early foot in the door
Lafond-Favieres began her cyber career with a BS in computer science from Spelman College (Atlanta) in 1999. That same year she started at GTRI as a graduate research assistant, getting her MS in human computer interaction, a combination of computer science, psychology and communication, from Georgia Tech in 2000. Lafond-Favieres is recognized for her technical abilities, but believes her most important strength lies elsewhere.

“The most important skill I have is listening. That may not sound technical, but it is. It’s my job to interpret what people are saying. Many highly intelligent, technical people can’t communicate well. On the other hand, customers understand what they want, but often don’t understand technology well. I’m the mediator. So listening has played a critical role throughout my career.”

GTRI is listening, too
Atlanta-based GTRI diversity consultant Shatanese Reese believes listening is also critical to her work. “The objective of GTRI’s diversity initiative is to enhance GTRI’s sense of community, so being sensitive to the community’s needs is very important.

“We’re attempting to raise awareness, educate, and foster a greater appreciation for diversity. We’re in the early stages of a fully developed program, but we’re definitely committed to diversity.”

Marian Dowling helps provide vital network services for the Navy and Marine CorpsMarian Dowling heads the operational networks section of the information technology division for the Naval Research Laboratory (NRL, Washington, DC). NRL is the corporate research laboratory for the Navy and Marine Corps, boasting a broad program of scientific research, technology and advanced development. And Dowling plays an essential role.

“I supervise a talented group of individuals who provide leading-edge network services for NRL, including cybersecurity. We are responsible for lab-wide networking services, threat monitoring, intrusion detection and prevention systems, network configuration, forensics, scanning, and interaction with computer network defense service providers.”

A career begins at NRL
Dowling earned her BSCS in 1988 from the University of Maryland-University College (UMUC, Adelphi, MD). That year she also started working as a contractor at NRL. Soon after she was hired there and rose through the ranks. She returned to UMUC for her MS in computer systems management in 1995.

Even though she’s highly technical, Dowling also sees technology as a people business. “I enjoy problem solving and supporting research at NRL, and I’ve worked with an excellent team for the majority of my career. NRL is such a great environment. Getting the job done is dependent on technical factors, but our diverse workforce provides a wide range of personal backgrounds and experiences that enhance our work and environment.”

“The diverse nature of NRL’s S&T work is complemented by its diverse workforce, which provides not only the necessary technical talent, but also the added value of varied life experiences that enhances our overall research and end products. Bottom line is, we believe a diverse workforce is imperative to fulfilling our mission and ensuring the laboratory is as vital and innovative today as ever.”

Teresa Duvall leads a cyber safety effort for the U.S. NavyTeresa Duvall is a network integration division head and IT specialist for the U.S. Navy’s Fleet Cyber Command (FleetCyberCom, Fort Meade, MD). Duvall works in Suffolk, VA, where she supervises a team of two uniformed personnel and nine civil servants.

Her work is intense. “The network integration team is the lead for CIO functions. We do IT portfolio management and guidance for information management and IT policies in the FleetCyberCom headquarters and its subordinate organizations,” she reports.

Duvall has a BS in political science from Pennsylvania State University (College Park, PA), and an MEd in education and human development from George Washington University (Washington, DC). She has two masters degrees: in national security and strategic studies from the Naval War College (Newport, RI), which she received in 1998, and a masters of IT management from the University of Virginia (Charlottesville, VA), finished in 2006. She holds many high-level certifications.

A naval officer for twenty years, she is pleased to be able to continue her service as a civilian employee at FleetCyberCom.

“I enjoy the daily challenges and opportunities associated with cyber and the mission of Fleet Cyber Command,” she says. “In our command, I have seen a commitment to creating and supporting a diverse work environment. Diversity makes our nation and our navy strong. The command advocates ‘a diverse, high-performing workforce that achieves mission readiness in support of maritime strategy by fostering a work environment where all people are valued, respected and provided an opportunity to reach their full personal and professional potential.’ Who wouldn’t want to work at a place like that?”

Commitment from the top
Captain Kate Janac, Navy force manpower director at FleetCyberCom, says the Navy’s diversity commitment starts at the top. She points to the diversity vision crafted by Admiral Jonathan Greenert, chief of naval operations, which says in part, “Diversity is about achieving peak performance by maximizing contributions from the entire force. Our force will draw on the widest possible set of talents and backgrounds to maximize our warfighting capability, adapt to new threats and challenges, and take advantage of new opportunities.”

“For instance,” Janac says, “we routinely conduct climate surveys of the workforce and determine corrective actions to enhancing work life for all. We promote outreach events like involvement with national affinity groups. Mentoring is key at all levels. The Navy has appointed a chief diversity officer to facilitate our efforts.”

Chief ISO Lena Smart handles IT cybersecurity for NYPAChief information security officer Lena Smart is responsible for cybersecurity for the New York Power Authority (NYPA, White Plains). It’s a position that requires deep understanding of firewalls, security tools, hacking tools and psychology. Equally fascinating is how Smart discovered her passion for the profession.

“I watched the movie WarGames when I was sixteen, and that opened my eyes to the interesting things that computers could be used for. Now I love the ever-changing face of IT and the high visibility that cybersecurity is receiving.”

Expertise through experience
A fifteen-year veteran of NYPA, Smart opted for experience over formal education. But she holds many of the highest industry certifications including CISSP, certified chief information security officer, certified information system auditor, certified information systems manager, and certified risk and information systems control. Smart’s path may be atypical for most cybersecurity experts. But her advice for women entering the profession is not.

“Stand your ground. Learn your craft and become an expert. Then it doesn’t matter if you’re a man or a woman. People will respect you for your knowledge, not your gender.”

A techie, but a people person
Smart also believes in giving back to the profession. “I mentor young people in the NYPA program and unofficially as well. I enjoy mentoring, particularly when I am able to help someone with a problem they thought was insurmountable. I also like to teach people about cybersecurity, and how best to protect themselves from trolls or identity thieves who lurk on the Internet.”

Smart credits NYPA for its diversity efforts, and the social opportunities that presents. “We have a diversity officer who organizes functions at NYPA to bring different cultures together. These are fun and allow us to meet people from different countries to discuss our differences in a relaxed atmosphere. I love meeting people from other countries and hearing about their customs and little quirks that make everyone unique. I’m from Scotland, a very small country, so I enjoy these ‘diversity parties’ where we mix it up and show off our countries and their national traditions.”

At the end of February, Smart became VP of information technology and chief technology officer for NYPA.

Sar works in an office in Columbia, MD. She ensures all Leidos networks are secure by blocking known malicious cyber activity. She also provides cyber analysts with the intelligence they need to monitor the networks.

“Cybersecurity is a dynamic field. It’s technically challenging. But the most essential training I received was not technical,” she says. “It was a communications class. The ability to convey progress, developments, importance and status to engineers, customers, management, executives, etcetera, at varying technical levels, is critical to success.”

In 2003, Sar received her BS in decision and information technology and logistics and transportation management from the University of Maryland (UM, College Park). She joined Leidos (then SAIC) as a summer intern in her junior year. She got an executive MS in business administration from UM in 2008.

Prepared for another challenge: diversity
She credits Leidos for its equitable working environment, but she was also prepared from early on for any potential challenge. “Yes, being a person of color has factored into my work. My strong work ethic is something that was ingrained in me from a young age. My parents instilled in me that because I was a person of color I would have to work hard to earn opportunities. As a young female of color, I consciously work very hard to ensure that my voice is heard and not discounted.”

Veteran solutions architect David Butler, Jr also keeps Leidos secureDavid Butler, Jr also works in Leidos’s Columbia, MD, office. He’s a solutions architect with a broad range of cybersecurity responsibilities, including the implementation of cryptographic protocols (SSL/TLS), the integration of heterogeneous components into complex processes and workflows, and facilitation of systems to handle high volumes of data securely. He joined Leidos right after college.

“I contribute ideas to solve software engineering problems including approaches and estimations of the complexity of solutions. I also perform system and network administration, security and software engineering, and proposal and technical writing.”

Tackling adversity
Butler studied mathematics and played defensive tackle at Bowie State University (Bowie, MD) and then earned a BS in mechanical engineering from the University of Maryland-College Park in 1999. He is also CISSP certified. But Butler’s academic and professional careers were shaped by guidance that took place long before.

“While I have never been held back because of my color, I witnessed firsthand the challenges my parents faced in their careers. When I played defensive tackle I would overwhelm an offensive lineman with brute force, strength and speed. My father and I have treated our careers the same way. I am of the mindset that if you overwhelm people with merit, anyone with a regressive mindset who attempts to stand in the way of progress will eventually get exposed. I have been really lucky to work for a company that takes ethics very seriously and with people who value my ideas.”

D&I are integrated at Leidos
Executive VP and chief HR officer Sarah Allen says, “At Leidos, diversity and inclusion are integrated strategically into all aspects of the business. Diversity and inclusion are more than just the right thing to do; they are business imperatives.

“Our approach begins with the targeted recruitment of diverse candidates and spans the career cycle with opportunities for networking, mentoring programs, and management training that gives managers awareness, knowledge and tools to foster an inclusive environment.”

Alan Soriano ensures the credentialing process for the Social Security AdministrationAlan Soriano is branch chief of the identity and credential management branch in the division of identity, credential and access management in the office of information security at the Social Security Administration (SSA, Baltimore, MD).

He helps the SSA establish identity and credentials as mandated by the office of the President. “This includes overseeing the implementation of the HSPF-12 PIV Smartcard, a Department of Homeland Security-initiated program for improving the identification and authentication of federal employees and contractors, as the single means of identity and systems authentication, and developing supporting policies and procedures.”

After majoring in accounting and economics at Essex Community College (Baltimore, MD) from 1988 to 1990, Soriano began working fulltime for a printing and graphics company. “There is where my interest in computer systems and technology began,” he remembers. He eventually took over the company and added computer networking and web design services. After selling the firm, he attended the University of Maryland-College Park, but decided to delay his degree. He worked for large corporations like Lockheed Martin and Citi Financial. Today, Soriano is a Microsoft certified systems engineer and certified network engineer, and has numerous other certifications.

Parents influence success
Soriano credits his success and unique professional path to a number of elements. But for him, one particular element was not a factor.

“Being a minority hasn’t factored into my work at all. My parents raised me to work hard, to be self motivated and confident. And that has been most influential to my success.”

Diversity is an asset at SSASSA deputy commissioner for systems Bill Zielinksi sees Soriano’s outlook as a perfect fit for SSA. “The diversity of our workforce is one of our greatest assets in our ability to provide world-class service to the public,” he states.

“We recruit and hire from a diverse, qualified group of potential applicants to secure a high-performing workforce drawn from all segments of American society. In addition, we cultivate a culture that encourages collaboration, flexibility, inclusion and fairness to enable individuals to contribute to their full potential and further retention.

“In IT, as in any discipline, each one of us contributes and plays an important part in fulfilling SSA’s mission of delivering Social Security services that meet the changing needs of the public.”

Harry Jones: leadership and oversight for SSC Pacific’s computer network defenseBased in San Diego, CA, Harry Jones is the dynamic computer network defense branch head for computer network defense and cybersecurity for the Space and Naval Warfare (SPAWAR) Systems Center Pacific (SSC Pacific, San Diego, CA). He is responsible for about thirty civil service personnel, five military personnel, and a budget in excess of $20 million.

“I provide technical leadership and oversight for all SSC Pacific’s computer network defense afloat projects, and for some shore efforts as well.”

Jones’s security mandate also covers a wide range of responsibilities. He does projects for the chief of naval operations, fleet cyber command, commander tenth fleet, and numerous other entities, providing expertise on a wide range of security-related issues.

An extensive resume
Jones has been with SSC Pacific for nine years. Before that he was a U.S. Navy chief warrant officer and cryptologist, retiring after twenty-eight years of naval service. He has a wealth of professional cybersecurity training and certifications including CompTIA Security+, a number of SANS Institute certifications, and professional licenses from both the private sector and the National Security Agency. He believes that cybersecurity benefits greatly from multiple perspectives, and praises SSC Pacific for its diversity efforts.

“Because of the dynamic nature of the cybersecurity domain, and the fact that the adversaries we go up against daily are also so diverse, our organization must be diverse in ethnicity, race and gender, and also diverse in work experience, parental status, educational background and geographic origin. These are all critical to our success.”

“I help state organizations develop security strategies for their information security programs. I also increase Symantec’s presence by giving testimony on cybersecurity before the New York State Senate, as a national speaker and at industry cyber conferences and state C-level briefings.”

Ross attended Chattahoochee Technical College (Marietta, GA) and boasts numerous high-level certifications. He’s been with Symantec for seven years. Ross believes a diverse education is critical to his profession.

“I’ve found the critical technical skills required for a profession in cybersecurity really come from work experience in the operations of information technology, including all the various levels of troubleshooting computer and network issues, plus a clear understanding of basic computer systems and networking.”

Important elements for success
“You must first have the passion, along with a strong work ethic. And you cannot be afraid to learn new, complex technologies,” Ross declares.

“You must be willing to share your time and talents to help mentor others. It’s also worth noting that successful people take time to learn about other cultures and welcome differing perspectives. Symantec is a company that values and embraces diversity of many types, and believes it’s what enables us to innovate and succeed.”

Diversity at Symantec
Symantec SVP and chief HR officer Bettina Koblick agrees. “Symantec embraces diversity of many kinds, including culture, ethnicity, age, sexual orientation and gender. We devote particular attention to the promotion of gender equality and the advancement of women in technology,” she notes.

“We believe diversity also encompasses respect, open-mindedness and a commitment to professional and personal growth. It’s what allows us to innovate, solve problems and succeed. By embracing diversity we make the most of our human resources, talent and abilities.”

Sanjay G. deals with highly sensitive cybersecurity issues for the CIA
Sanjay G. is a first-line supervisor overseeing a branch of a dozen officers and complex technical operations in the cyber realm for the Central Intelligence Agency (CIA, McLean, VA).

“It’s an important responsibility and we have to ensure that every operation we pursue is productive, that it has a positive impact on U.S. national security. But I enjoy the fact that we deal with a very complex and diverse set of problems. Every problem is unique and requires us to be very creative in trying to craft technical and operational solutions.”

Starting in the early 2000s as a co-op student, Sanjay joined the CIA after graduating from an East Coast university with a BSEE and a minor in mathematics. After serving overseas multiple times and working in numerous “interesting countries,” Sanjay realizes that being a minority has been invaluable to his work.

“Our intelligence efforts are focused on foreigners, so understanding different cultural thought processes is crucial. Also, when you’re a minority and overseas, doing the type of work we do, you’re almost invisible, the lowest-profile person. That’s a great thing in our business.”

“We can’t succeed in our intelligence mission without a workforce composed of sharp, creative people who recognize the world’s nuances. More and more, this mission relies on bringing together diverse teams of experts with a range of backgrounds and specialized knowledge to solve complex problems.”